How to secure Cookie when using Https

By default, cookies are not marked as secure, even when the site is served over HTTPS with SSL (TLS).

Asp.net security with cookies

You have two choices with ASP.NET

The first one is to explicitly mark the cookie as secure.

var cookie = new HttpCookie("MyCookieName", "MyValue");
cookie.Secure = true;
Response.Cookies.Add(cookie);

The advantage is that the site keeps working when a page is accessed over HTTP; only the cookies you mark are restricted to HTTPS. The cost is more code.

The second choice is to change one line in web.config so that every cookie is implicitly marked secure. The disadvantage is that the site will then work only over HTTPS, not HTTP.

<httpCookies requireSSL="true" />

Asp.Mvc security with cookies

With ASP.NET MVC, on the other hand, there are two ways to secure the site, and it is better to use both at the same time.

The first approach is to apply the RequireHttps attribute to the controller class.

[RequireHttps]
public class MyLoginController : Controller
{
    // ... action methods ...
}

This issues a 302 redirect to the HTTPS version of the page. To avoid the extra round trip to the server that the redirect causes, you can also use the ActionLink overload that lets you specify the protocol.

@Html.ActionLink("My Login Link", "LogOn", "MyLogin", "https", null, null, null, null)

So that’s it. If you need a secured website, do not forget to secure your cookies.
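To verify the result, inspect the Set-Cookie headers the site returns over HTTPS and list any cookie that lacks the Secure attribute. The check below is an added example, not code from the original post; the header values are constructed samples and the function names are hypothetical.

```javascript
// Constructed Set-Cookie header values, as an HTTPS response might return them.
const sampleHeaders = [
  "ASP.NET_SessionId=abc123; path=/; HttpOnly",
  ".ASPXAUTH=0F9A; path=/; secure; HttpOnly",
  "MyCookieName=MyValue; path=/",
  "pref=secure; path=/",          // "secure" is the value here, not the attribute
  "theme=dark; Path=/; SECURE",   // attribute names are case-insensitive
];

// Split one Set-Cookie value into the cookie name and its attribute names.
function parseSetCookie(header) {
  const parts = header.split(";").map((p) => p.trim()).filter(Boolean);
  const first = parts.shift() || "";
  const eq = first.indexOf("=");
  const name = eq === -1 ? first : first.slice(0, eq);
  // Only the segments after name=value are attributes.
  const attrs = parts.map((p) => p.split("=")[0].trim().toLowerCase());
  return { name, attrs };
}

// Return the names of cookies the browser would also send over plain HTTP.
function cookiesMissingSecure(headers) {
  return headers
    .map(parseSetCookie)
    .filter((c) => !c.attrs.includes("secure"))
    .map((c) => c.name);
}

console.log(cookiesMissingSecure(sampleHeaders));
```

With `<httpCookies requireSSL="true" />` in place, the list should come back empty for every response.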

Kill all instance of IIS web server with a single Command Line

When developing with Visual Studio, a new process is launched whenever you attach to the process or use the built-in server (Cassini). This process doesn’t always stop when you stop debugging. You can end up with a list of running processes, and this can sometimes cause problems when debugging because you are not accessing the right one.

To close those servers, look in the tray at the right side of the taskbar, where you will notice a little icon showing a sheet of paper and a gear wheel. This is what you need to kill: right-click it and close it. The problem is that if you forget to do it every time, after a while you will have a lot of them.

To be quick, you can use a command line that will close them all for you.

taskkill /f /im WebDev.*

[Screenshot: Taskkill with a lot of WebServer.exe]

This command tells Windows to forcibly terminate (/f) every process whose image name (/im) starts with WebDev.

Accessing input control of a parent inside a child frame?

Not long ago, I had to modify some code which was using a Frameset with Frames.

I had an issue because the code was written for Internet Explorer only and it was accessing the hidden field by using `parent.window.document.myhiddenfield.value`.

My first reflex was to remove the window and use getElementById. Like this:

parent.document.getElementById('myhiddenfield').value

This doesn’t work with Firefox either. After some searching, I found that we can use `self.ownerDocument`. Like this:

self.ownerDocument.getElementById('bar');

Unfortunately, this doesn’t work with Internet Explorer, just Firefox.

My last try was to use jQuery, which solves most of the compatibility problems.

This is the current implementation, which works for reaching a hidden input control (or any other input) in the parent that holds the frameset from a child frame.

parent.$("#myhiddenfield").val()

Javascript’s variables grouping with object acting like namespace

In JavaScript, if you need multiple global variables in a script, you can end up with something like a chunk of `var` declarations.

var v1;
var v2;
var v3;
var v4;
var v5;

This can cause problems because someone may need to define a variable with the same name (locally or globally). To reduce this problem, you can use JavaScript object notation (JSON). By using JSON syntax you can create a “virtual” namespace with an object. I say “virtual namespace” because it’s not a namespace. In fact, it’s an object, but it’s created just to group variables instead of letting them run wild at the top of a JavaScript file. This is important because if a web page includes many JavaScript files, two files can end up using the same variable name, and one would override the value of the other.

var mynamespace = 
{
   "v1":"value1"
  ,"v2":"value2"
  ,"v3":"value3"
  ,"v4":"value4"
  ,"v5":"value5"
  ,"v6":"value6"
};

This way, instead of using v1 directly in your code, you use it through the object.

  mynamespace.v1 = "Patrick";

  //...

  if(mynamespace.v1 == "Unknown")
  {
  //...
  }

This post covers only the basics. You can have multiple levels of depth, as JSON lets you have inner arrays or “objects”. I’ll cover this later.

How to convert Javascript parenthese to access array to square bracket?

In old projects, it can happen that array objects are accessed with parentheses instead of square brackets.

For example, MyArray[0] is the first element of an array in JavaScript. But IE lets you use MyArray(0). This is not good practice, and other browsers don’t accept this syntax.

To convert easily, you can use a regular expression. In my case, the array name was InTran.

InTran\({(.+)}\) //Find

InTran\[\1\] //Replace

The curly brackets are required by Visual Studio to create a backreference but are not required by all regex tools.

IIS won’t start, the site binding is already took

The IIS service starts fine, but every website returns a 404 error. This behaviour is strange because if you go into the IIS Manager, the Sites property shows that the Default Web Site is not started. If you try to start the Default Web Site, an error message tells you that the binding is already taken by another process.

[Screenshot: Default web site running]

To find out which process is using the port, open a DOS console and use netstat.exe.

netstat -a -n -p tcp -b

This lists each IP/port and, under it, the name of the process.

In my case, Skype was running on 127.0.0.1:80. I had to close Skype, start the Default Web Site and then restart Skype, and everything was back to normal.

To conclude, I have no idea why Skype.exe hooks port 80 but, for sure, if you want to use IIS or Apache on port 80 while Skype is running, you have to start it after your web server.

How to remove document.all from your projects?

Recently, I had to work on pages which contained a lot of code that was using the famous Internet Explorer 4 `document.all` JavaScript collection. It’s not supported by all browsers and should not be used. You should use unique identifiers, but I couldn’t because time was limited for the change.

We already use jQuery, so I knew that I could search by attribute.

The plan was to replace every `document.all["XYZ"]` with `$('input[name="XYZ"]')`. As you can see, XYZ changes from file to file. The solution is to use the Replace tool of Visual Studio (or other software that can replace with a regex) with a regular expression.

//this
document.all\[\"{(.+)}\"\]
//to
$(\'input\[name="\1"\]\')

[Screenshot: Regex to replace all document.all with JQuery name selector]

It searches for the string `document.all["???"]` and replaces it with `input[name="???"]`, where ??? is whatever was found in the search and is reused in the replacement. This way, the name changes every time it finds a new string with document.all.

This is good for some situations but not for code like `document.all["???"].value`, because in jQuery the value is read with `val()` and set with `val('new value')`.

To do this correctly, two replaces are required.

The first one for the setter of the value:

document.all\[\"{(.+)}\"\].value(:b)@={(.+)}; //Search
$(\'input\[name="\1"\]\').val(\2); //Replace

The second one for the getter of the value

{[^\.]}document.all\[\"{(.+)}\"\].value //Search (the character before document.all is tagged so the replace can put it back)
\1$(\'input\[name="\2"\]\').val() //Replace

This isn’t perfect for all situations. Multiple concatenations of document.all may not be replaced correctly. But I think it does the job for most situations.
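The two value replacements above, translated to JavaScript regex syntax and run over constructed sample lines, show where the greedy `(.+)` goes wrong and what a stricter name pattern changes. This is an added example, not code from the original post; the `migrate` function, the `[^"]+` name pattern and the `=(?!=)` guard are assumptions introduced here.

```javascript
// Constructed legacy lines of the kind the post describes.
const legacy = [
  'document.all["qty"].value = total;',
  'var n = document.all["name"].value;',
  'var s = document.all["a"].value + document.all["b"].value;',
  'if (document.all["a"].value == "x") { go(); }',
];

// jQuery selector used as the replacement; "$$" emits a literal "$".
const SEL = "$$('input[name=\"$1\"]')";

// strict=false mirrors the post's patterns: greedy (.+) and a bare "=".
// strict=true stops the name at the closing quote and skips "==" comparisons.
function migrate(line, strict) {
  const name = strict ? '[^"]+' : ".+";
  const assign = strict ? "=(?!=)" : "=";
  const all = 'document\\.all\\["(' + name + ')"\\]';
  const setter = new RegExp(all + "\\.value\\s*" + assign + "\\s*(.+);", "g");
  const getter = new RegExp(all + "\\.value", "g");
  // Setter first: once the getter has run, no ".value =" is left to find.
  return line.replace(setter, SEL + ".val($2);").replace(getter, SEL + ".val()");
}

for (const line of legacy) {
  console.log("greedy:", migrate(line, false));
  console.log("strict:", migrate(line, true));
}
```

On the third line the greedy pattern swallows both names into one selector, and on the fourth it rewrites a comparison as a setter; the strict variant converts both correctly.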

Silverlight exception with javascript “failed to invoke” when using HtmlPage.Window.Invoke

Silverlight can interact with the JavaScript that resides in the page hosting it. We have seen in the Silverlight Communication post that this is possible with System.Windows.Browser.HtmlPage.Window.Invoke.

Sometimes an exception is thrown with the title “InvalidOperationException was unhandled by user code”. The troubleshooting tips should contain something like “Failed to invoke”.

[Screenshot: InvalidOperationException was unhandled by user code]

What actually happens is that the JavaScript is throwing an error. It can be any error not caught in the JavaScript. So, when you get this error, the best thing to do is to launch a JavaScript developer tool (for example, F12 in Internet Explorer) and activate the Script Debugging functionality. When an error is thrown and not caught, the tool will break and you will be able to fix your script.

How to overload the square bracket operator in C#?

This is pretty simple. In fact, I am writing this because most examples show you this:

public object this[int index]
{
    get { return collection[index]; }
    set { collection[index] = value; }
}

In fact, you should return the type of your collection. So, if your object contains a collection of Person, then you should write:

public Person this[int index]
{
    get { return collection[index]; }
    set { collection[index] = value; }
}

This way, the returned value does not need to be cast.